Summary
I have a chunk that contains a script tag (for Google analytics). I can no longer save changes on that Chunk. I added
<IfModule mod_security.c>
SecFilterEngine Off
SecFilterScanPOST Off
</IfModule>
To my .htaccess file but there is no change.
I also tried
SecRuleRemoveById 212340
But still no results.
I also contacted my host who also suggested the same thing.
Would anyone know what I could do?
Environment
MODX 2.5.7
dejaya
June 21, 2022, 11:38am
2
Do you get an error message when you try to save?
Might be worth checking the server response in the Network tab on Chrome Dev Tools.
I wouldn’t think .htaccess would have any bearing on this. I’d check the dev tools console for errors when saving in the manager.
bobray
June 22, 2022, 4:16am
5
If you can save the chunk without the script tag, it almost certainly has to be a mod_security issue. Some hosts ignore any mod_security changes in .htaccess.
1 Like
OK I did some tests.
It appears that that Chunk will not save href
or src
.
My original Chunk contained a bunch of header items like:
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js" integrity="sha384-vBWWzlZJ8ea9aCX4pEW3rVHjgjt7zpkNpZk+02D9phzyeVkE+jo0ieGizqPLForn" crossorigin="anonymous"></script>
<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.1/css/all.css" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">
<link href="styles_dist/css/main.css" rel="stylesheet">
If I remove anything containing href
or src
the Chunk saves.
I can paste in a blank tag like <link></link>
and just bare URLs like https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-alpha.6/js/bootstrap.min.js
but it wont save it they’re combined.
Really weird.
Yup it’ll definitely be modsecurity/firewall or similar on the server blocking those requests due to the content.